CLAIM AMENDMENTS 

Claim Amendment Summary 
Claims pending 

• Before this Amendment: Claims 1-31. 

• After this Amendment: Claims 1-6, 10-15, 18-21, and 23-29. 
Canceled or Withdrawn claims: Claims 7-9, 16-17, 22, and 30- 

31. 

Amended claims: 1, 12-13, 18-19, 23-24, and 28. 
New claims: None. 
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Claims: 



1. (Currently Amended) A method comprising: 

i dentify i ng a se l ected permission leve l associated w i th a child's 
access to a Web server; 

obta i ning a re l ationship ticket from an authentication server; 

communicating a parental identity to an authentication server for 
verification; 

receiving a relationship ticket from the authentication server when 
the parental identity has been successfully verified, wherein the 
relationship ticket received from the authentication server is encrypted so 
that the relationship ticket cannot be decrypted by a client device which 
receives the relationship ticket and wherein the relationship ticket includes 
the parental identity and identifies a child who's access to a Web server is 
to be limited; 

generating a request to set the selected perm i ssion level establish a 
selected permission level for the child which will limit the child's access to 
the Web server ; 

sending the request and the relationship ticket to the Web server for 
decryption of the relationship ticket, authentication of the parental identity, 
and establishment of the selected permission level for the child ; and 

receiving a success code from the Web server if the selected 
permission level is established for the child . 
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2. (Original) A method as recited in claim 1 further including 
receiving a failure notification from the Web server if the selected 
permission level is not established. 

3. (Original) A method as recited in claim 1 wherein sending 
the request to the Web server includes using an untrusted connection with 
the Web server. 

4. (Original) A method as recited in claim 1 wherein the 
request to the Web server is sent using an unsecure connection with the 
Web server. 

5. (Original) A method as recited in claim 1 wherein the 
relationship ticket is encrypted by the authentication server. 

6. (Original) A method as recited in claim 1 wherein the 
selected permission level is established if the relationship ticket is 
authenticated. 

7. (Canceled) 

8. (Canceled) 

9. (Canceled) 
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10. (Original) A method as recited in claim 1 wherein the 
authentication server is a .NET Passport server. 

11. (Original) A method as recited in claim 1 wherein selecting 
a permission level associated with a child's usage of a web site is 
performed by a parent of the child. 

12. (Currently Amended) One or more computer-readable 
memories including at least one tangible component, and containing a 
computer program that is executable by a processor to perform the 
method recited in claim 1. 
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13. (Currently Amended) A method comprising: 

i dentifying a selected perm i ssion l eve l associated w i th a ch il d's 
access to a Web server; 

obtaining a re l ationship ticket from an authentication server; 

communicating a employer identity to an authentication server for 
verification; 

receiving a relationship ticket from the authentication server when 
the employer identity has been successfully verified, wherein the 
relationship ticket received from the authentication server is encrypted so 
that the relationship ticket cannot be decrypted by a client device which 
receives the relationship ticket, and wherein the relationship ticket includes 
the employer identity and identifies an employee who's access to a Web 
server is to be limited: 

generating a request to set the selected perm i ssion level establish a 
selected permission level for the employee which will limit the employee's 
access to the Web server : 

sending the request and the relationship ticket to the Web server for 
decryption of the relationship ticket, authentication of the employer 
identity, and establishment of the selected permission level for the 
employee ; and 

receiving a success code from the Web server if the selected 
permission level is established for the employee . 



14. (Original) A method as recited in claim 13 wherein the 
relationship ticket is encrypted by the authentication server. 
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15. (Original) A method as recited in claim 13 wherein the 
relationship ticket is encrypted by the authentication server, and wherein 
the relationship ticket is decrypted by the Web server. 

16. (Canceled) 

17. (Canceled) 

18. (Currently Amended) One or more computer-readable 
memories including at least one tangible component, and containing a 
computer program that is executable by a processor to perform the 
method recited in claim 13. 
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19. (Currently Amended) A method comprising: 

identifying a modified permission level associated with a user's 
access to a Web service; 

obtaining an encrypted re l at i onsh i p t i cket from an authent i cation 
sefve f receiving a relationship ticket from an authentication server when a 
manager's identity has been successfully verified, wherein the relationship 
ticket received from the authentication server is encrypted so that the 
relationship ticket cannot be decrypted by a client device which receives 
the relationship ticket and wherein the relationship ticket includes the 
manager's identity and identifies a user who's access to a Web service is to 
be modified : 

generating a request to modify the se l ected permiss i on level 
associated with the user's access to the Web service a selected permission 
level for the user which controls the user's access to the Web service ; 

sending the request and the encrypted relationship ticket to the Web 
service via an unsecure connection for decryption of the relationship ticket, 
authentication of the manager's identity, and modification of the selected 
permission level for the user : and 

receiving a success code from the Web service if the modified 
permission level is established for the user , 

20. (Original) A method as recited in claim 19 further 
comprising receiving a failure notification from the Web service if the 
modified permission level is not established. 
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21. (Original) A method as recited in claim 19 wherein the 
modified permission level is established if the encrypted relationship ticket 
is authenticated by the Web service. 

22. (Canceled) 

23. (Currently Amended) One or more computer-readable 
memories including at least one tangible component, and containing a 
computer program that is executable by a processor to perform the 
method recited in claim 19. 

24. (Currently Amended) An apparatus comprising: 

an interface to receive requests to establish Web access permissions 
and relationship tickets via an unsecure communication link , wherein the 
relationship ticket received is encrypted and includes information regarding 
a manager identity and information regarding an identity if an associate 
who's Web access permissions are to be controlled ; 

a storage device to store manager-associate relationship information 
for use in authenticating the manager identity ; and 

a processor coupled to the interface and the storage device, the 
processor to receive □ relat i onship the relationship ticket from a client 
device and decrypt the relationship ticket, the processor further to 
authenticate the relationship ticket and establish the requested Web 
access permissions if the relationship ticket is authenticated. 
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25. (Original) An apparatus as recited in claim 24 wherein the 
processor is further to generate a success code if the relationship ticket is 
authenticated. 

26. (Original) An apparatus as recited in claim 24 wherein the 
processor is further to generate a failure notification if the relationship 
ticket is not authenticated. 

27. (Original) An apparatus as recited in claim 24 wherein the 
storage device further stores Web access permission information. 
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28. (Currently Amended) One or more computer-readable 
media including at least one tangible component, and having stored 
thereon a computer program that, when executed by one or more 
processors, causes the one or more processors to: 

select a permission level associated with an associate's access to a 
Web server; 

obtain a relationship ticket from an authentication server , wherein 
the relationship ticket obtained from the authentication server is encrypted 
and includes information regarding a manager's identity and information 
regarding an identity of an associate who's access to the Web server is to 
be limited ; 

generate a request to set the selected perm i ssion leve l establish a 
selected permission level for the associate which will limit the associate's 
access to the Web server : 

send the request and the relationship ticket to the Web server via an 
unsecure communication link for decryption of the relationship ticket, 
authentication of the manager's identity, and establishment of the selected 
permission level for the associate ; and 

receive a success code from the Web server if the requested 
permission level is established for the associate . 
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29. (Original) One or more computer-readable media as recited 
in claim 28 wherein the relationship ticket is encrypted by the 
authentication server and decrypted by the Web server. 



30. (Canceled) 



31. (Canceled) 
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